WHAT IS CLAIMED IS: 



1 . A method for accessing information in an information store in 
accordance wkh an access policy, said method comprising: 

receiving an access request comprising a request for a first type of 
information, wheiWi said request for a first type of information has associated therewith first 
information contained in said information store; 

replacing said request for a first type of information with a modified request 
for a first type of information, said modified request being based on said access policy; and 

accessing said information store to produce a result in response to said access 
request, wherein said modified request produces either a masked value or said first 
information, based on said access policy. 

2. The method^of claim 1 wherein said modified request includes a mask 

function. 

3. The method of <^laim 2 wherein said accessing includes executing said 
mask function to produce either said masked value or said first information. 

4. The method of claimNl further including modifying said access request 
to include a filter function, said filter function\effective for eliminating portions of said result 
in accordance with said access policy. 

5. The method of claim 1 wherein said information store is a relational 
database and said request for a first type of infoimatton comprises a SELECT statement, said 
SELECT statement comprising one or more column references, said modified request 
comprising a replacement of at least one of said one or Ajore column references with a mask 
function. 

6. The method of claim 1 wherein said information store is a relational 
database and said access request includes a WHERE clause, said result comprising one or 
more rows of information, said method further including incorporating a filter function in 
said WHERE clause to remove certain rows contained in said result, based on said access 
policy. 
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\ 7. In a relational database, a method for accessing information in 

accordance with an access policy, said method comprising: 

\ providing at least one query comprising a SELECT statement, said SELECT 
statement comprising one or more column references; 

\ replacing at least one of said one or more column references with a mask 
function to produce a modified query; and 

producing a query result in response to said modified query comprising one or 
more rows of information; 

whereik said query result includes, for said at least one of said one or more 
column references, eithefc mask values or information from said relational database, based on 
said access policy. \ 

8. The method of claim 7 wherein said at least one query further 
comprises a WHERE clause, saickmethod further including modifying said WHERE clause to 
produce a modified WHERE clauskwhich includes a filter function, said filter function 
producing one of two logical values, said modified WHERE clause effective for deleting a 
row from said query result based on a value produced by said filter function. 

9. The method of claim\7 wherein said relational database in provided in 
a database server; said step of providing includes receiving said at least one query at a client 
system; and said step of producing includes transmitting said modified query to said database 
server. \ 

10. The method of claim 9 wherem said step of replacing is performed at 
said client system. \ 

1 1 . The method of claim 9 wherein sam step of replacing is performed at 
said database server. \ 



12. A computer-based information retrieval system comprising: 
computer memory having computer readable program code embodied therein 

for accessing an information store in accordance with an access policy, said computer 

readable program code comprising: 
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first code configured to receive an access request for a first type of 
infornWion, wherein said request for a first type of information has associated therewith first 
information; 

second code configured to replace said request for a first type of 
information ^rith a modified request for a first type of information, said modified request 
being based on\aid access policy; and 

third code configured to access said information store to produce a 
result in response t&said access request, wherein said modified request produces either a 
masked value or said ilrst information, based on said access policy. 

13. The system of claim 12 further including fourth code configured to 
modify said access requesrto include a filter function, said filter function effective for 
eliminating portions of said rfesult in accordance with said access policy. 

14. The system of claim 12 further including a relational database and said 
request for a first type of infonnaticm comprises a SELECT statement, said SELECT 
statement comprising one or more column references, said modified request comprising a 
replacement of at least one of said one or more column references with a mask function. 

15. The system of claiA 12 further including a relational database and said 
access request includes a WHERE clause, said result comprising one or more rows of 
information, said second code further configured to incorporate a filter function in said 
WHERE clause to remove certain rows contained in said result, based on said access policy. 

16. The system of claim 12 further including a client computer system and 
a server computer system, said client computer system comprising a portion of said computer 
memory embodying said first and second codes, said server computer system comprising 
another portion of said computer memory embodying sard third code. 

17. The system of claim 12 wherein saidciatabase server is a relational 
database server, said request for a first type of information comprises a SELECT statement, 
said SELECT statement comprising one or more column references, said modified request 
comprising a replacement of at least one of said one or more column references with a mask 
function. 
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The system of claim 17 wherein said third code includes mask 



1 15L The system of claim 16 wherein said database server is a relational 

2 database server, said access request includes a WHERE clause, said result comprising one or 

3 more rows of information, said second code further configured to incorporate a filter function 

4 in said WHERE clause\q remove certain rows contained in said result, based on said access 

5 policy. 

1 20. The system of claim 19 wherein said third code includes mask 

2 function. 
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